I was trying to RDP into a server from my Windows 7 laptop and got an authentication error has occurred. 0x609. I disabled Symantec Endpoint Protection on the laptop and was ablet to remote into the server. I dont have a firewall on the laptop or server nor do I have Symantec firewall enabled. What could be the issue?
Perhaps the most basic of questions, but on my Win 10 Pro machine which about 15 months ago I put SEP Manager 14.2 on there, and SEP itself, I'd like to remove both. In Apps & Features in Win 10 I have an option to Uninstall the SEP client. But the SEP Manager Uninstall link is greyed out. Also FWIW, SEP has not talked to SEPM in months. I'm upgrading to sep 15 via integrated defense so am fine with total removal of SEP 14.x related stuff. Am I missing a simple step, like first disable SEPM services or something? Thank you.
Just want to get clarity on my understanding.
If NTP feature is selected in the client package, it needs a restart after installation for the teefer driver to sit in the Ethernet Port to filter the traffic based on the firewall rule.
If NTP feature is not selected in the client package, do the client needs a restart after the installation?
Please clarify.
Hello:
I have several unmanaged 14.x (Build 3332) clients that are experiencing issues that are supposed to be fixed with build 3335; they started experiencing these issues, immediately following the installation of build 3332. So, I was happy to see the new build (build 3335) that appears to fix the issues my clients are experiencing. Here's the problem: the build 3335 upgrade does not offer an .exe installer file for build 3332, only build 3333 (to upgrade) to build 3335 is offered. Is this a typo, because I can't even find a tech article, siginifying that a build 3333 existed? I certainly do NOT wish to attempt to install this .exe and find that it will NOT work and/or that it messes up my installs. I hope someone can clarify my next step. Anyone's (especially Symantec's) help is greatly appreciated!
Thank you!
Options?
We had several business laptops stolen a few months back from a storage locker by unknown guest or staff. One laptop is periodically being turned on and is reporting back.
SEP + Office 365 are both reporting back through respective cloud server admin centers. The user has only been logging in using a Guest account that was setup with no password and limited rights. Other accounts with passwords and higher level exist but never reported as being used.
In the SEP logs I have an IP address it’s coming from which has been static (consistent and not changing) and is owned by AT&T. Thus, does not seem to be roaming. No IP searches have given me further clues other than its local IP address to our town.
I've already made a Police report. I have not disabled either technology because I did not want to lose information that may lead to whom stole the laptops. I've been hoping another know IP address would pop-up but not yet. Biggest concern is finding out if it was a staff person that's still employed. Retrieving the laptop is not the concern, it has little value and no sensitive data.
HOW can I use SEP on this managed device to gather more info, such as browsed sites, apps being used or other ideas (clues to who is using it), or reverse hack to gather more info? Can I eventually remote wipe or use SEP to basically make the device unusable. If I can't find the perpetrator, I don't want them to be able to freely benefit from their thievery, but my goal is finding out if it's a staff person so we can deal with it.
Any ideas or advice welcomed about the laws to adhere to or hacks available, even if on the fence when it comes to laws. I do realize it could have been sold to unsuspecting persons, but our company name is branded on the laptops, so probably not so naive.
Thank you
i have a Windows Server 2012 virtual machine that will freeze up and require a full system restart every few days. Before the freeze up occurred, errors in Event Viewer show "A time out (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service."
what is causing this error, and could it be resulting in a system freeze?
Could it also interfere with the operation of other programs on my machine? Because at other times, a web server program will cease working properly and will need to be restarted. The web server's TCP port is seen as open, but any attempt to access the web page it services results in a blank screen.
This series of errors appears to be the only troubleshooting clue in Event Viewer.
i saw a closed topic similar to this one posted last year here:
although a tech support person from Symantec comments in the thread, the solution is not mentioned. Anyone else seen this issue and have a fix for it?
Hello Folks,
Is there some way the install package of SEP14 can over-ride the tamper protection on existing security solution if we are provided with the uninstall password of the existing security solution thats install on the endpoint?
And moreover, if there are more than one existing security solution on the endpoint like McAfee and malwarebytes, can have a custom install package that will uninstall McAfee only, byt keep malwarebytes?
Regards
Fawaz M
Hi,
Need help onchecking some clients that are not reporting to the SEPM Console. I checked the clients and they are online and everything is up to date but when I go to the container in the SEPM Console I dont see that client. Even when extracting a client report they do not show.
Thanks
SEPM没有更新病毒库,服务器与外网的连接时通的
**Translation**
SEPM does not update the virus database, the server is connected to the external network.
Hello,
We have had 6 customer so far which are unable to use Java JRE suddenly on their production systems.
Some of them installed our product years ago, and all of a sudden it stopped working.
The common thing they share is that they all use Symantec Endpoint Protection 14.2.
Within 10 days time, 6 customers reported issues.
It looks like that the JRE is not working properly anymore, it gives a crash when some native code is used, which is using Java again.
In the attachment you can find some hs_err_pid files of the crashes we see.
For most customer we could fix it by switching to use the JDK instead of JRE.
For one customer another product we deliver had to be reinstalled, and they were only able to do so after disabling Symantec Endpoint Protection.
So it looks like SEP is influencing Java in the wrong way lately. Are there specific updates done recently?
Is this a known issue?
With kind regards,
Cees
What is the default Heartbeat and Randomization?
What should be the ratio?
Referecening few of Symantec Forum article we managed to publish SEPM on internet with proper security considerations. Things are still in pilot only. One observation we have SEP clients are showing local IP of machine when reporting to SEPM, which some way causing confusion because of similiar internal IP schema.
So, Is it possible to get SEP client's public IP (of ISP) when connecting from internet rather than local IP assigned to it by router (192.168.x.x , 10.x.x.x, 172,x,x,x).
Hi I just got a new laptop. It's running Windows 10 Home Version 1809, 64-bit operating system, x64-based processor. When I try to install Symantec Endpoint Protection I get the follow message:
"The installer integrity check failed with error code 0x80070002. Common causes for this failure inslude an incomplete download, damaged media, or problems with the trusted Root certificate store."
Can any one help me? I have deleted and redownloaded the installation files multiple times, and I always get the same mesage.
Hi Everyone,
Can someone help me getting syslog event reference guide or any other document that explains about event format for each type of SEP event(incident) forwarded to external syslog server. I need to check each unique event(System/Audit/Any Security incident) that we receives from SEPM via syslog forwarding.
Any lead would be great help.
Thanks in advance!!!
Note: Please don't post steps on "how to enable syslog forwarding" on SEPM.
With SEP for Linux 14.2.1031.0100 on RHEL 7 we are seeing smcd nearly constantly reading/re-reading the multi-hundred-MB dated log data in /var/symantec/sep/Logs/MMDDYYYY.log in mere 8KB read() operations. We have seen this before on older versions of SEP 14 as well.
This happens even with smcd started with '-l warning' instead of the default of '-l info' What is the purpose of this and how do we stop it? It saturates a full CPU core on our VMs unless we stop smcd, deleted all of those logs, and start smcd again. That buys us some time until those logs get big again.
% sudo strace -f -p 28822 ... [pid 28822] read(14, "31050400343A,6,2,0,ourhost-linux"..., 8191) = 8191 [pid 28822] _llseek(14, -7976, [295662760], SEEK_CUR) = 0 <nearly constant stream of those system calls and 100% CPU usage> ...
When looking at the dashboard and the system details I see a warning/alert that the Live Update policies are locked (see image). What does this mean and how do you fix it?
Hi,
I have recently upgrade the symantec endpoint version from 14.0 to 14.2 MP1. After that upgrade client not update defitions automatically. We have manually update intelligent update, after that also it's not happen.
And the below folder occupied more space. Nearly 13 GB occupied on this location.
c$\ProgramData\Symantec\Symantec Endpoint Protection\14.2.1031.0100.105\Data\CmnClnt\ccSubSDK
Please let know why it's not update and occupied more space on that particular folder.
Regards,
Sukumar V
+91 9843234330
I have downloaded the SEP 14.2 trialware to install on our integration and test system, however I am unable to find the Linux client installation package, most of the clients are CentOS. Is it possible that I can be provided with the software? Both auto-compile and manual compile (if they are different) thanks.
I tried the online chat for support, they sent me here. :-)
Hi, I am new in this forum. My friend bought a 2019 Symantec Endpoint Protection 14 for home use. Since my Norton Lifelock is about to expire, he told me that he can install his SEP 14 for me and be his client for just a small amount. I am wondering since he is the client manager or server manager (correct me if I am wrong), can he spy on my laptop using the SEP 14 antivirus? Thank you. Mon
Hello,
As of right now we have a client who has network sharing enabled on his machine. It looks like he has also enabled Windows Media Player Streaming to be shared across the network. I'm wondering if there's any way to block this specific network device within SEPM. I've tried creating an application control policy with the WMP registry key but that doesn't seem to be doing anything.
Would the only solution be to disable network sharing on his machine?
Thanks.